KR20180069767A - Method for Operating Mobile OTP using Biometric - Google Patents

Abstract

According to a mobile one-time password (OTP) operating method using biometric recognition of the present invention, a method for executing a mobile communications network is performed through a user mobile phone having a program which is connected to a mobile communications network and generates an OTP. When a medium identifier of a unique code value form, which is uniquely assigned not to overlap separately is stored in a designated storage area of a mobile phone of a user after a program is downloaded and installed in the mobile phone, the program of the user mobile phone registers and stores medium information including a medium identifier of a code value form stored in the assigned storage area. When the program of the user mobile phone is performed to generate an OTP, the program of the user mobile phone extracts a medium identifier of a code value form stored in the assigned storage area, and transmits medium authentication information including the extracted medium identifier to the server. When the medium identifier of the medium authentication information and the medium identifier of the medium information registered and stored in the storage medium are compared and authenticated in the server, the program of the user mobile phone receives a result of authenticating the same as an OTP medium of the user from the server. When the same is authenticated as an OTP medium of the user through the server, the program of the user mobile phone confirms a result of authentication by recognizing a body of the user through a bio recognition unit of the mobile phone authenticated as the OTP medium. When the body of the user is authenticated through the authenticated OTP medium after the OTP medium of the user is authenticated through the server, an OTP of N (N>=2) digits in which the program of the user mobile phone is assigned is dynamically generated.

Description

[0001] The present invention relates to a method for operating a mobile api using biometrics,

The present invention provides a method for executing a program executed by a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password), the method comprising: When the medium identifier of the form is stored in the designated storage area of the mobile phone, the program of the user phone registers the medium information including the medium identifier of the code value type stored in the designated storage area in the storage medium of the designated server, When the program of the mobile phone is executed to generate the OTP, the program of the user's mobile phone extracts the medium identifier of the code value type stored in the designated storage area and transmits the medium authentication information including the extracted medium identifier to the server , The server sends the medium authentication information Wherein the user terminal receives a result of authenticating the user's mobile phone with the user's OTP medium from a program of the user's mobile phone, and transmits the user's OTP medium , The program of the user's mobile phone recognizes the result of authenticating the user's body through the biometric unit of the mobile phone authenticated with the OTP medium and verifies the result of authenticating the user through the server, The present invention relates to a mobile authentication operating method using biometrics in which, when a user's body is authenticated through a medium, the program of the user's mobile phone generates an N (N > = 2)

As non-face-to-face transactions are activated by the development of information and communication technology, non-face traders must certify that the connected user is a valid trader through the communication network and prepare for accidents that may occur.

In the non-face-to-face transaction, the most common method for authenticating a user connected through a communication network is authentication using ID / PW. However, due to the problem that the ID / PW is easily exposed, And is used to identify a trader rather than to be used as a transaction.

As a non-face transaction authentication method more advanced than the method using the ID / PW, an authentication method using a public certificate is used. When a medium (for example, a computer) on which the public certificate is recorded is hacked or a keyboard hacking program When the non-face-to-face transaction is processed through the installed terminal, the authorized certificate also has a problem that it can not provide reliable non-face-to-face transaction authentication.

One-time password (OTP) is used as a method for solving the problem of the above-mentioned public certificate. The OTP is a fixed seed that is exchanged / shared by a trading partner in a non-contact manner when the one or more fixed seed values and a fixed seed value dynamically determined at the time of generating the secret are determined and determined at the time of non- Value and a dynamic seed value to a predetermined code generation algorithm (for example, a hash function) to generate an OTP that can be used once, exchange and authenticate the generated OTP, and reuse the same OTP even if the OTP is exposed It is used as an authentication means which is safer to hacking than other authentication means.

In order to generate the OTP as described above, the user has to carry a portable device called OTP generator. In recent years, the OTP generator has been implemented in an OTP generation program (for example, an OTP generation algorithm A program code and a seed value) are installed and used as an OTP generator.

However, in the conventional mobile phone OTP generator, an OTP generator in the form of a portable device is implemented as a program code on a mobile phone, and the OTP generation program installed in the mobile phone OTP generator is copied (for example, ), Or when the mobile phone OTP generator replicates a mobile phone in which the OTP generation program is installed, the mobile phone OTP generator is no longer reliable.

Also, when wireless non-face-to-face transaction such as wireless settlement / banking is used through a mobile phone used as the mobile phone OTP generator, the mobile phone is used as a transaction medium for the non-face-to-face transaction, In this case, the wireless non-face-to-face transaction as described above may not satisfy the two-factor authentication condition that the transaction medium and the authentication medium must be separated into different media in the non-face-to-face transaction through OTP authentication It has a problem.

An object of the present invention is to provide a method for executing via a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password), the method comprising the steps of: And storing the medium information including the medium identifier of the code value type stored in the designated storage area in the storage medium of the designated server, when the medium identifier of the code value type is stored in the designated storage area of the mobile phone If the program of the user's cellular phone is executed to generate the OTP, the program of the user's cellular phone extracts the medium identifier of the code value type stored in the designated storage area and stores the medium authentication information including the extracted medium identifier A second step of transmitting to the server, And a third identifier indicating whether the program of the user's mobile phone authenticates itself with the user's OTP medium when the medium identifier of the medium authentication information is compared with the medium identifier of the medium information registered and registered in the storage medium, A step of authenticating a user's cellular phone through a biometrics unit of the cellular phone authenticated by the OTP medium, and a step of verifying the result of authentication when the user's cellular phone is authenticated through the server, And a fifth step of dynamically generating N (N > = 2) -transmitted OTPs designated by the user's mobile phone program when the user's body is authenticated through the authenticated OTP medium after authenticating the user's OTP medium through the server And a method of operating a mobile api using biometrics.

A method of operating a mobile authentication using biometrics according to the present invention is a method executed by a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password), the method comprising: When a medium identifier of a code value type uniquely allocated after being installed is stored in a designated storage area of the cellular phone, the program of the user cellular phone specifies medium information including a medium identifier of a code value type stored in a designated storage area And a step of, when the program of the user's mobile phone is executed to generate an OTP, extracting a medium identifier of a code value type stored in a designated storage area of the user's mobile phone, The medium authentication information including the medium identifier A second step of transmitting the medium identification information of the medium authentication information to the server and a second step of comparing the medium identifier of the medium authentication information registered in the storage medium with the medium identifier of the medium information stored in the storage medium, A third step of receiving a result of the authentication using the OTP medium; and a third step of authenticating the user's OTP medium through the server, the program of the user's mobile phone recognizes the user's body through the biometric unit of the mobile phone authenticated with the OTP medium A fourth step of verifying the result of authentication; and a step of authenticating the user's body through the authenticated OTP medium after authenticating the user's OTP medium through the server, if the program of the user's mobile phone has N (N > = 2) And a fifth step of dynamically generating the OTP.

In the method of operating a mobile entity using biometrics according to the present invention, the medium identifier may be a unique number stored in a predetermined system area of the user's mobile phone, And a code value that is obtained from the code.

In the method of operating a mobile authentication using biometrics according to the present invention, when a user's mobile phone is authenticated as an OTP medium through the server, the program of the user's mobile phone uses a biometric unit of the mobile phone authenticated with the OTP medium, The method comprising the steps of: confirming biometric information recognized from a living body; and performing an authentication procedure set by a program of the user's cellular phone to authenticate the validity of the recognized biometric information.

In the method of operating a mobile orthopy using biometrics according to the present invention, when the N-digit OTP is dynamically generated, the generated N-digit OTP is transmitted to a terminal or a terminal located near the OTP using the short- And transmitting the data to the device.

A method of operating a mobile authentication using biometrics according to the present invention is a method executed by a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password) In order to identify and authenticate the mobile phone of the user as the OTP medium of the user who generates the OTP, the program is downloaded to the mobile phone, and the mobile phone is uniquely allocated to the mobile phone in a designated storage area of the mobile phone, Extracting a registered storage medium identifier from a designated storage area of the cellular phone, and constructing medium authentication information including the extracted medium identifier and transmitting the medium authentication information to the server; The media identifier registered in the medium is compared with the identifier A second step of receiving a result of authenticating the mobile phone that has executed the program from the server with the OTP medium of the user, and a step of receiving, when the mobile phone executing the program through the server is authenticated as the OTP medium of the user, A third step of confirming a result of authenticating the user through the biometric unit of the mobile phone authenticated with the user, and verifying the result of authentication when the user's biometrics are authenticated; (N > = 2) number of OTPs using the at least one seed including the generation information stored in the mobile phone, The program is downloaded to the mobile phone, And is not used as generation information for generating the OTP.

The method of operating a mobile authentication using biometrics according to the present invention may further include registering and storing biometrics authentication information for authenticating a user's biometrics before generating the OTP.

In the method of operating a mobile object using biometrics according to the present invention, when a cellular phone executing the program through the server is authenticated as the OTP medium of the user, Authenticating the biometrics of the user corresponding to the biometric information through the biometric authentication information stored in the designated storage medium and performing an authentication procedure for verifying the validity of the OTP generation And further comprising:

In the method of operating a mobile object using biometrics according to the present invention, the validity of the OTP generation is confirmed through a program of the mobile phone or through a server communicating with the mobile phone.

In the method of operating a mobile orthopy using biometrics according to the present invention, when the N-digit OTP is dynamically generated, the generated N-digit OTP is transmitted to a terminal or a device And transmitting the data to the mobile station.

A method of operating a mobile authentication using biometrics according to the present invention is a method executed by a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password) The mobile phone of the user is identified and authenticated as the OTP medium of the user who generates the OTP. After the program is downloaded and stored in the designated storage area of the mobile phone, Extracting an identifier from a designated storage area of the cellular phone and configuring media authentication information including the extracted media identifier, and transmitting the media authentication information to the server; and comparing the medium identifier of the medium authentication information with the registered medium identifier If the authentication is successful, A second step of receiving a result of authenticating the mobile phone with the user's OTP medium, and a second step of authenticating the mobile phone, which has executed the program through the server, with the OTP medium of the user, And a third step of dynamically generating N (N > = 2) OTPs based on a result of recognizing the user's body and authenticating the user, wherein the medium identifier is not duplicated after the program is installed in the mobile phone And the code is not information previously allocated to the mobile phone before the program is installed.

The method of operating a mobile authentication using biometrics according to the present invention may further include registering and storing biometrics authentication information for authenticating a user's biometrics before generating the OTP.

In the method of operating a mobile object using biometrics according to the present invention, when a cellular phone executing the program through the server is authenticated as the OTP medium of the user, Authenticating the biometrics of the user corresponding to the biometric information through the biometric authentication information stored in the designated storage medium and performing an authentication procedure for verifying the validity of the OTP generation And further comprising:

In the method of operating a mobile object using biometrics according to the present invention, the validity of the OTP generation is confirmed through a program of the mobile phone or through a server communicating with the mobile phone.

In the method of operating a mobile orthopy using biometrics according to the present invention, when the N-digit OTP is dynamically generated, the generated N-digit OTP is transmitted to a terminal or a device And transmitting the data to the mobile station.

A method of operating a mobile authentication using biometrics according to the present invention is a method executed in a mobile phone of a user having a program for accessing a mobile communication network and generating an OTP (One Time Password) To extract the code value stored in the designated storage area of the mobile phone, and to extract the code value stored in the designated storage area of the mobile phone after the program is downloaded to the mobile phone in order to authenticate the OTP medium of the user generating the OTP, The method comprising: a first step of configuring medium authentication information and transmitting the medium authentication information to a designated server; and a step of, when performing a procedure of authenticating a code value of the medium authentication information through a code value registered in the server, To the OTP medium of the user who creates the designated OTP And a second step of receiving a confirmation result from the biometrics unit of the mobile phone and a biometrics unit of the mobile phone authenticated by the OTP medium when the cellular phone executing the program through the server is authenticated as the OTP medium of the user, A fourth step of authenticating the user's body corresponding to the biometric information through the biometric authentication information stored in the designated storage medium and performing an authentication procedure for confirming the validity of OTP generation; A fifth step of dynamically generating an OTP of N (N > = 2) digits preliminarily designated when validity is confirmed, and a fifth step of transmitting the generated N-digit OTP to a terminal or a device located near by using the short- Wherein the code value includes a pre-assigned telephone number before the program is installed in the mobile phone, Or serial number.

The method of operating a mobile authentication using biometrics according to the present invention may further include registering and storing the biometric authentication information before generating the OTP.

In the method of operating a mobile object using biometrics according to the present invention, the validity of the OTP generation is confirmed through a program of the mobile phone or through a server communicating with the mobile phone.

In the method of operating a mobile object using biometrics according to the present invention, the fifth step may include: constructing at least one seed value for OTP generation using the biometric information, And a step of dynamically generating an OTP by substituting the above seeds into a specified OTP generation algorithm.

A method for operating a mobile object using biometrics according to the present invention is a method executed in a wireless terminal having a program for generating an OTP (One Time Password), the method comprising: A first step of configuring medium information to be authenticated as an OTP medium of the OTP medium, and transmitting the medium information to a designated server, and a step of receiving a result of authenticating the wireless terminal in the state in which the program is executed based on the medium information, A third step of verifying the biometric information recognized from the user's body using the biometric unit of the wireless terminal authenticated with the OTP medium, and a step of verifying the biometric information stored in the storage medium, A fourth step of authenticating the user's body and performing an authentication procedure for confirming the validity of OTP generation; If validated it characterized in that it includes a fifth step of generating a dynamic OTP.

The method of operating a mobile authentication using biometrics according to the present invention may further include registering and storing the biometric authentication information before generating the OTP.

In the method of operating a mobile object using biometrics according to the present invention, the OTP generation validity is confirmed through a program of the mobile terminal or through a server communicating with the mobile terminal.

In the method of operating a mobile orthopy using biometrics according to the present invention, at least one seed value for OTP generation is configured using the biometric information, and one or more seeds including the configured seed value are generated by a designated OTP generation And dynamically generating an OTP by substituting it into an algorithm.

In accordance with the present invention, there is provided a method of operating a mobile orthopedic device using biometrics, wherein the user's body comprises at least one of a user's fingerprint, iris, retina, and face.

*

The method of operating a wireless authentication using biometrics according to the present invention includes the steps of recognizing biometrics information of a user from a biometrics object of a user when generating a One Time Password (OTP) at a wireless terminal, And generating and outputting an OTP using at least one fixed seed value included in the OTP generation information and a dynamic seed value dynamically determined. .

In another aspect of the present invention, there is provided a method of operating a wireless authentication using biometrics, comprising: storing wireless terminal unique information in a storage medium in association with biometric information obtained from a user's body and server-side OTP generation information; The method includes receiving OTP generated through OTP generation information including biometric information recognized as a seed value from a biometric target, checking the unique information of the wireless terminal that generated the OTP, Configuring OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the biometric information; (Or verification operation) between the received OTP and the generated OTP 'to generate the received OTP' It characterized in that comprises a step of authenticating the castle.

Meanwhile, a method of operating a wireless authentication using biometrics according to the present invention includes storing wireless terminal unique information in a storage medium and OTP generation information including biometric information obtained from a user's body as seed values in association with each other, Receiving OTP generated through OTP generation information including biometric information recognized by the user as a seed value, checking the unique information of the wireless terminal that generated the OTP, (Or OTP) generated by the OTP generation unit, and generating OTP 'based on the OTP generation information, and comparing (or verifying) the received OTP with the generated OTP' And authenticating the validity.

A method of operating a wireless access point using biometrics according to the present invention includes the steps of storing biometrics authentication information in a USIM / memory of a wireless terminal, and storing the biometrics information and the biometrics information stored in the USIM / And verifying the validity of the OTP generation by comparing (or verifying) the authentication information.

The method of operating a wireless api using biometrics according to the present invention may further comprise processing the biometric information by hashing the seed value data structure of the OTP generation information.

In the method for operating a wireless object using biometrics according to the present invention, the biometrics object includes any one of a fingerprint, an iris, a retina, and a face of a user, and the biometrics information is recognized from the biometrics object The fingerprint recognition information, the iris recognition information, the retina recognition information, and the face recognition information.

In the biometrics operating method of the present invention, the biometrics information is included as a fixed seed value of the OTP generation information.

In the method of operating a wireless api using biometrics according to the present invention, the OTP generation information includes wireless terminal specific information as a fixed seed value.

The OTP generation information may include a combination of terminal side OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value and the biometric information in combination with biometrics according to the present invention. .

The OTP generation information may include a server side OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value, and a combination of the biometric information .

On the other hand, the present invention includes a computer-readable recording medium having recorded thereon a program for executing the above-described method for operating a wireless authentication using biometrics.

Meanwhile, the wireless terminal according to the present invention includes a biometrics unit for recognizing biometrics information of a user from a biometrics object of a user when generating a One Time Password (OTP) at a wireless terminal, And an OTP generator for generating an OTP using at least one fixed seed value included in the OTP generation information and a dynamic seed value determined dynamically .

Meanwhile, a biometrics based wireless authentication operating system includes a storage medium for storing wireless terminal unique information, biometric information obtained from a user's body, and server-side OTP generation information in association with each other, An information receiving means for receiving an OTP generated through OTP generation information including biometric information recognized as a seed value from an object; and a radio base station for verifying the radio terminal unique information that generated the OTP, Information generating means for generating OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the biometric information, Generates OTP 'through the OTP generation information, and compares (or verifies) the received OTP with the generated OTP' And OTP authentication means for authenticating the received OTP validity.

Meanwhile, the wireless ontip management system using biometrics according to the present invention includes a storage medium for storing and storing OTP generation information including wireless terminal unique information and biometric information acquired from a user's body as a seed value, Information receiving means for receiving an OTP generated through OTP generation information including biometric information recognized as a seed value from a biometric subject of the OTP; (Or verification operation) between the received OTP and the generated OTP 'to generate an OTP' based on the OTP generation information and an information checking means for checking the OTP generation information associated with the wireless terminal unique information, And OTP authentication means for authenticating the OTP validity.

According to the present invention, when generating an OTP in a wireless terminal having a biometric function for recognizing a user's biometric information from a biometric object corresponding to one of a user's fingerprint, iris, retina, and face, The biometric information of the user registered in advance is used as the seed value of the OTP to generate the OTP, the server authenticating the OTP verifies the biometrics information of the pre-registered user at the OTP authentication, Authenticating the OTP by using the identification information as the same seed value, the advantage of preventing the wireless terminal from being stolen / hijacked and being used by a third party maliciously, and the advantage of two- Factor Authentication.

1 is a diagram illustrating a functional configuration of a wireless terminal having a function of generating an OTP using biometric information according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a wireless OTP system according to an embodiment of the present invention.
3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.
4 is a diagram illustrating an OTP generation process according to the first embodiment of the present invention.
5 is a diagram illustrating an OTP generation process according to a second embodiment of the present invention.
6 is a diagram illustrating an OTP generation process according to a third embodiment of the present invention.
7 is a diagram illustrating an OTP generation process according to a fourth embodiment of the present invention.
8 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram illustrating a functional configuration of a wireless terminal 100 having a function of generating an OTP using biometric information according to an embodiment of the present invention.

More specifically, FIG. 1 illustrates a user biometric function for recognizing a user's biometric information from a biometric subject corresponding to a fingerprint, an iris, a retina, or a face of a user owned by the user, and a wireless terminal (N > = 2) digit OTP (One Time Password) using the biometric information in the terminal 100 according to an embodiment of the present invention. , An implementation method having a function of generating an OTP using the biometric information at a wireless communication terminal (for example, a portable Internet terminal, etc.) connected to a wireless communication network of various wireless communication standards by referring to and / And the present invention includes all of the above-described methods of practicing the invention, and the technical features of the present invention are not limited thereto It shall be defined.

Hereinafter, FIG. 1 illustrates a method for generating an OTP of N digits using the biometric information in the mobile phone when the cellular phone connected to the mobile communication network is provided with the user biometric function and the OTP agent, Will be described.

The wireless terminal 100 according to an embodiment of the present invention includes an outer body in terms of hardware and a speaker and a microphone, a keypad, a liquid crystal display (LCD), an antenna, and a battery 130 A modem chip (for example, an MSM series modem chip of Qualcomm of the United States) that incorporates functions such as a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) , A memory device, a duplexer filter that separates the transmit and receive signals from one antenna, a power amplifier that amplifies the transmit signal, a high power amplifier (HPA), an isolator that prevents reverse transmission of high- ), An RF / IF SAW filter for removing the desired out-of-band spurious signal, a frequency upstream circuit for the transmission path, a frequency downconversion circuit for the reception path, a VCTCXO (Volt age controlled temperature compensated X-tal oscillator), a UHF frequency synthesizer used as a local signal of frequency up / down conversion, and a codec chip for converting an analog voice signal into a digital signal. Elements are gradually integrated into the modem chip. Various functions for various multimedia services or various additional services are integrated in the modem chip in addition to core components for the mobile communication service.

1, the wireless terminal 100 includes a control unit 105 corresponding to the modem chip on a structure corresponding to the component, a screen output unit 110 corresponding to a LCD (Liquid Crystal Display) A sound processing unit 115 corresponding to a microphone / speaker, a key input unit 120 corresponding to a keypad, a wireless communication unit 135 corresponding to an antenna and various RF modules, a memory unit 150 corresponding to a nonvolatile memory A universal subscriber identity module 140 corresponding to an integrated circuit (IC) chip for storing universal subscriber identification information; a USIM reader 140 for reading / writing information (or data) And a battery 130 for power supply. The USIM 140 and the USIM reader 145 may be omitted according to the intention of those skilled in the art.

According to an embodiment of the present invention, the wireless terminal 100 may acquire, from any one of a user's fingerprint, iris, retina, and face, a user's fingerprint information, iris information, retina information, And a biometric unit (125) for recognizing biometric information corresponding to the biometric information and configuring the biometric information constituted by a data structure that allows the user to compare the biometric pattern unique to the user included in the biometric information.

The control unit 105 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and includes a program routine for providing a function peculiar to the wireless terminal 100 from a memory device, (Or an integrated circuit) provided for the bus (BUS) for inputting and outputting program data, and the memory (150) or the memory device (or chipset) (I.e., a generic name of a program routine or program data that is loaded into the processor and processed through the processor to perform a specific function), and thus is recorded in the recording medium of the wireless terminal 100 to generate an OTP using the biometric information The program code constructing unit corresponding to the OTP agent may be provided in the control unit 105 for convenience (Not shown) and one or more system management routines (e.g., power management routines, channel (forward / backward) management routines, hand Off routines and the like), and the control unit 105 realizes various functional configurations to be implemented in the wireless terminal 100. [0031] FIG.

According to an embodiment of the present invention, after power is supplied to the wireless terminal 100, the operating system routine (not shown), one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the controller 105 ), The wireless terminal 100 can determine the system setting detailed state, the pilot channel obtaining detailed state, the synchronous channel obtaining detailed state, and the timing conversion detailed state according to the booting procedure, Quot; mobile station initialization state ", which is included.

After performing the booting procedure, the operating system routine (not shown), one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 105, The wireless terminal 100 is set to the operation mode corresponding to the "mobile station call waiting state ", the" system access state ", or the " Processing) procedure.

According to the embodiment of the present invention, it is preferable that the function of generating the OTP is started (or realized) by key input in the operation mode corresponding to the "mobile station call waiting state"

The screen output unit 110 is a function configuration unit for a screen for checking operation modes of the wireless terminal 100 and corresponding operation states of the wireless terminal 100. The screen output unit 110 includes one or more LCDs And a driver for driving the screen output device. The control unit 105 may output one or more key data input through the key input unit 120 in association with the control unit 105, A function processing screen and a function processing result screen corresponding to one or more functions (or programs) provided in the terminal 100 or outputting one or more contents (or downloaded) provided in the wireless terminal 100 (E.g., text content, image content, and multimedia content).

According to the embodiment of the present invention, the screen output unit 110 preferably performs a function of a menu screen corresponding to the function of generating the OTP, a function processing screen, and a screen output means for outputting a function processing result screen .

The sound processing unit 115 processes a sound input and output in each operation mode of the wireless terminal 100. The sound processing unit 115 decodes one or more encoded sound data, And a vocoder and a codec for encoding and outputting a sound signal input through a microphone provided in the wireless terminal 100 or a speaker.

According to the embodiment of the present invention, the sound processing unit 115 may generate sound data corresponding to a ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 100 It is preferable to decode and output the voice signal, or to encode and input the voice signal through the microphone in the operation mode corresponding to the "call channel state ", or to decode and output the voice signal through the speaker.

In addition, the sound processing unit 115 may reproduce one or more sound contents or multimedia contents provided in (or downloaded from) the mobile terminal 100 in one or more operation modes including the " It is preferable that the sound data corresponding to the content is decoded and output.

The key input unit 120 may include a key input device having one or more key buttons including a number key, a character key or a function key, Wherein the key input device detects one or more key input signals generated by clicking (or inputting) the key button in the key input device.

According to the present invention, when a key input signal is detected from a key button provided in the key input device in an input mode or one or more operation modes controlled by the control unit 105, the key input unit 120 detects the key (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the input signal, and provides the generated key event to the control unit 105. The control unit 105 controls the wireless terminal 100 (For example, from a key table storing (managing) one or more key data corresponding to a specific key event in each input mode or operation mode) in a current input mode or an operation mode of the key input device Reading the key data in the key event), or reading an instruction that executes a function defined by matching with the key event It characterized.

According to an embodiment of the present invention, the key input unit 120 inputs a telephone number in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 100, It is preferable to change the operation mode of the wireless terminal 100 to the operation mode corresponding to the "system access state ".

*

The key input unit 120 inputs a function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 100, It is preferable to execute various functions provided in the mobile terminal.

According to an embodiment of the present invention, the key input unit 120 performs a function of key input means for inputting one or more key data corresponding to the function of generating the OTP.

The wireless communication unit 135 includes a CDMA modem and various RF modules (e.g., a duplexer filter, a power amplifier, a high power amplifier (HPA), an isolator ), An RF / IF SAW filter, a frequency up conversion circuit, a frequency down conversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, etc.) and an antenna and a driver for driving the antenna. A Slot Mode, a Power Control, a Handoff, or a Call Processing procedure corresponding to each operation mode of the wireless terminal 100 .

According to another embodiment of the present invention, if the wireless terminal 100 shown in FIG. 1 is a portable Internet terminal, the wireless communication unit 135 may access a portable Internet based on IEEE 802.16x and configure a wireless communication function And it is possible to implement the present invention by modifying various other types of wireless communication configurations for providing wireless data communication in addition to the portable Internet. It is clear that it is not.

The USIM reader 145 is a functional component for exchanging one or more pieces of information (or data or commands) with the USIM 140 mounted or detached from the wireless terminal 100 through a standard including ISO / IEC 7816. [ The IC card reader includes a contact type IC card reader corresponding to the ISO / IEC 7816 standard. The IC card reader reads one or more pieces of information (or data) from the USIM 140 through an APDU (Application Protocol Data Unit) Data, or command) is exchanged.

The USIM 140 mounted on or detached from the wireless terminal 100 is an IC chip conforming to the ISO / IEC 7816 standard. Referring to the ISO / IEC 7816 standard, the USIM 140 includes a power supply (VCC) (E.g., commands or data) with the USIM reader unit 145 through contact points such as a reset signal RST, a clock signal CLK, a ground GND, a programming power supply VPP, an input / output An input / output interface for exchanging information with a processor, a processor unit including at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor, (E.g., ROM) among the memory devices, and a memory including at least one memory device including a random access memory (RAM), an electrically erasable programmable read only memory (EEPROM), and a flash memory (FM) Management of IC card internal resources When a power is supplied from the USIM reader 145 through the power supply (VCC) contact point of the input / output interface, the COS stored in the memory is stored in the execution memory (USIM 140) through an APDU (Application Protocol Data Unit) based on a clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And the USIM reader unit 145. [0050] FIG.

According to the present invention, it is preferable that the memory of the USIM 140 is provided with an OTP applet including various information and a program code necessary for generating the OTP in the wireless terminal 100, A storage unit (not shown) for storing a data set corresponding to information or data read out or used by a processor provided in the processor 100, and a USIM (not shown) by a computation function of the processor unit and a command set provided by the COS 140), and operates as a program routine (for example, a Java applet in the case of a Javacard) used by a processor included in the wireless terminal 100, Processing corresponding to an application including an instruction calling code that interacts with the processor unit and an execution code that is processed by the processor unit (Not shown). In particular, the processing unit reads an instruction provided from a processor included in the wireless terminal 100 via the input / output interface through the APDU, and stores the command in the storage unit on the basis of the read command And provides the result or the read information or data to the processor included in the wireless terminal 100 through the input / output interface through the APDU.

According to an embodiment of the present invention, it is preferable that the storage unit of the OTP applet stores terminal-side OTP generation information for generating the N (N > = 2) OTPs in the wireless terminal 100, The terminal side OTP generation information may be omitted.

The terminal side OTP generation information includes a parameter for determining a fixed seed value dynamic seed value for generating N (N > = 2) OTPs in the OTP agent included in the wireless terminal 100 The dynamic seed value determined by the fixed seed value and the parameter is substituted into the predetermined OTP generation algorithm and the OTP generation method to generate N-digit OTP.

For example, if the OTP is generated in a time-synchronized manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the time-synchronized OTP generation algorithm, and a parameter for determining a dynamic seed value , And a synchronization time setting value for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP).

Alternatively, if the OTP is generated in a challenge-response manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the challenge-response OTP generation algorithm and a parameter for determining a dynamic seed value A random number generation value for generating a random number of a challenge-response, or random number reception information for receiving a random number).

According to an embodiment of the present invention, the terminal-side OTP generation information may be stored in the storage unit of the OTP applet in association with the OTP agent included in the user wireless terminal 100 (encrypted storage is possible).

According to an embodiment of the present invention, the USIM 140 may have a function of generating the N (N> = 2) OTPs, and the OTP generation information for generating the N-digit OTP The processing unit of the OTP applet may include at least one fixed seed value for generating the N-digit OTP through the OTP generation information provided through the wireless terminal 100, And a program code for generating the OTP by inputting the determined one or more fixed seed values and the dynamic seed value into the set OTP algorithm.

According to the embodiment of the present invention, the storage unit of the OTP applet stores (or encrypts and stores) the biometric authentication information for authenticating the biometric information acquired through the user biometric function provided in the wireless terminal 100 In this case, when the biometrics information is transmitted from the wireless terminal 100, the processing unit of the OTP applet compares (or verifies) the biometrics information with the biometrics authentication information, It is preferable that the validity of generating the OTP using the biometric information is authenticated, and the result of the validity authentication is returned to the wireless terminal 100.

Here, the biometric information may include fingerprint identification information constituting a comparable data structure of a fingerprint pattern unique to the user included in the fingerprint information recognized from the fingerprint of the user, unique information of the user included in the iris information recognized from the iris of the user, An iris recognition information constituting an iris pattern with a comparable data structure, retina recognition information constituting a user-specific retinal pattern included in retinal information recognized from the user's retina as comparable data structures, And facial recognition information constituting a user-specific facial pattern included in the facial information with a comparable data structure.

In the case where the biometric information and the biometric authentication information are compared and the validity of the OTP generation is verified, it is preferable that the biometric authentication information includes the biometric information as it is, and the biometric information and the biometric authentication information are verified In the case of authenticating the validity of OTP generation, the biometric authentication information preferably includes a biometric information verification value that is calculated with the biometric information to induce a predetermined calculation result.

According to an embodiment of the present invention, the memory of the USIM 140 is divided into a subscriber information area having a fixed memory address and an application area having a directory file (EFdir) structure. The application area is based on ISO / IEC 10202 The memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, a COS control area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) management area, and the OTP applet is stored in a designated storage area other than the protection area and the COS control area.

According to the ISO / IEC 7816 standard, an application area of the memory includes one master file (MF) corresponding to a root file, and function information for one or more storage information under the master file (DF) corresponding to each ICC storage information, and actual information or data for a smart card service disposed under the dedicated file are included The OTP applet includes a file structure including the above-described file structure.

The memory unit 150 includes a storage medium for storing one or more pieces of information (or data) in the wireless terminal 100, and a generic name of a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to one or more program routines A read only memory (ROM) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to the embodiment of the present invention, the memory unit 150 can encrypt and store the terminal side OTP generation information for generating the N (N> = 2) OTPs in the wireless terminal 100 , The terminal side OTP generation information may be omitted according to the method. However, when the terminal side OTP generation information is stored in the memory unit 150, the terminal side OTP generation information is preferably encrypted and stored in the memory unit 150.

The terminal side OTP generation information includes a parameter for determining a fixed seed value dynamic seed value for generating N (N > = 2) OTPs in the OTP agent included in the wireless terminal 100 The dynamic seed value determined by the fixed seed value and the parameter is substituted into the predetermined OTP generation algorithm and the OTP generation method to generate N-digit OTP.

For example, if the OTP is generated in a time-synchronized manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the time-synchronized OTP generation algorithm, and a parameter for determining a dynamic seed value , And a synchronization time setting value for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP).

Alternatively, if the OTP is generated in a challenge-response manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the challenge-response OTP generation algorithm and a parameter for determining a dynamic seed value A random number generation value for generating a random number of a challenge-response, or random number reception information for receiving a random number).

According to the embodiment of the present invention, the memory unit 150 can encrypt and store biometric authentication information for authenticating the biometric information acquired through the user biometric function provided in the wireless terminal 100 In this case, if the biometrics information is acquired through the user biometrics function, the wireless terminal 100 compares (or verifies) the biometrics information with the biometrics authentication information, It is preferable to verify the validity of generating the OTP using the information and to reply the result of the validity authentication to the wireless terminal 100. [

The biometric unit 125 includes a fingerprint recognition module that recognizes biometric information corresponding to the user's fingerprint information from a fingerprint of the user, biometric information corresponding to the user's iris image from the user's iris, And a camera module for recognizing the biometric information corresponding to the user's retinal image or recognizing biometric information corresponding to the user's facial image from the user's face. In accordance with the intention of a person skilled in the art, It is clear that the object to be recognized and the corresponding biometrics recognition unit 125 are variously expandable and that the present invention is not limited by the biometrics object and the corresponding biometrics method.

Here, the biometric information corresponding to any one of the fingerprint information, iris information, retina information, and face information of the user recognized from the biometric subject of the user corresponding to any one of the fingerprint, iris, retina, It is preferable to include image data or vector data corresponding to the biometric method.

For example, the fingerprint information recognized by the electronic fingerprint recognition method preferably includes vector data. The fingerprint information recognized by the optical fingerprint recognition method, the iris information recognized by the camera portion, the retina information, Data is preferably included.

According to an embodiment of the present invention, the biometrics unit 125 may acquire fingerprint information, iris information, retina information, and image information of a user recognized from a biometrics object of a user corresponding to one of a fingerprint, iris, retina, It is preferable to construct biometric information including a data structure capable of comparing (or verifying) the unique biometric pattern of the user included in the biometric information corresponding to any one of the face information.

Here, the biometric information may include at least one of image data, vector data, and image / vector data corresponding to pattern data uniquely specifying a biometric pattern of a user included in the biometric information, It is preferable that the fingerprint code value including the fingerprint code value hash is set by the set hash function.

According to an embodiment of the present invention, when fingerprint information of the user is recognized from the fingerprint of the user, the fingerprint recognition information includes fingerprint pattern image data corresponding to fingerprint pattern data uniquely specifying the fingerprint pattern of the user, Vector data, fingerprint pattern image / vector data, or a fingerprint code value obtained by hashing the fingerprint pattern data into a predetermined hash function.

Alternatively, when the iris information of the user is recognized from the iris of the user, the iris recognition information may include iris pattern image data corresponding to iris pattern data uniquely specifying the iris pattern of the user, iris pattern vector data, And a fingerprint code value including at least one of image / vector data or hash of the iris pattern data as a predetermined hash function.

Alternatively, when the user's retina information is recognized from the retina of the user, the retina recognition information includes retinal pattern image data corresponding to retinal pattern data uniquely specifying the retinal pattern of the user, retinal pattern vector data, And a fingerprint code value including at least one of image / vector data or hash of the retina pattern data as a predetermined hash function.

Alternatively, when recognizing the face information of the user from the face of the user, the face recognition information may include face pattern image data corresponding to face pattern data uniquely specifying the face pattern of the user, face pattern vector data, The image data includes one or more image / vector data, or a fingerprint code value obtained by hashing the face pattern data into a predetermined hash function.

1, when the biometric information is obtained through the biometric unit 125, the wireless terminal 100 compares the biometric information with the biometric authentication information stored in the memory unit 150 Or verifies the validity of generating the OTP through the biometric information, or transmits the biometric information to the USIM 140 so that the validity of generating the OTP through the biometric information is authenticated And an authentication unit (155).

When the biometrics information is acquired through the biometrics unit 125, the authentication unit 155 generates a biometrics authentication data structure that can compare the biometrics information with the biometrics authentication information stored in the USIM 140 / Or a data structure capable of processing the biometric authentication information and the predetermined verification operation (note that when the data structure of the biometric information includes a data structure capable of being compared (or verified) with the biometric authentication information) Can be omitted).

When the biometric authentication information is provided to the memory unit 150 according to an embodiment of the present invention, the authentication unit 155 compares the biometric authentication information with the biometric authentication information to check whether the biometric authentication information is matched, Authenticating the validity of generating the OTP through the biometric information by verifying whether the predicted result is derived by processing a verification operation that has been set for the recognition information and the biometric authentication information.

When the biometric authentication information is provided to the USIM 140 according to another embodiment of the present invention, the authentication unit 155 transmits the biometric information to the USIM 140, (140) compares the biometric information with the biometric authentication information to check whether the biometric information matches the biometric authentication information or verifies the biometric information and the biometric authentication information to see if the predicted result is derived, (Or verification operation) result, thereby verifying the validity of generating the OTP through the biometric information.

According to another embodiment of the present invention, the biometric authentication information can be stored and maintained in a server on a communication network. In this case, the authentication unit 155 transmits the biometric information to a server on the communication network, It is possible to authenticate the validity of generating the OTP through the biometric information by receiving the result of the comparison (or verification operation) on the biometric information and the biometric authentication information from the server.

According to another embodiment of the present invention, the USIM 140 / memory unit 150 stores a password (or a personal identification number) registered by a user and inputs a password (or a personal identification number) The authentication unit 155 authenticates the input password (or the personal identification number) and verifies the validity of generating the OTP through the biometric information, or transmits the password (or the personal identification number) to the authentication using the biometric information, Identification number), and the present invention is not limited thereto.

1, the wireless terminal 100 further includes an authentication processing unit 160 for authenticating that the wireless terminal 100 is an OTP medium having the user biometric function and the OTP agent through the wireless communication network And the authentication processing unit 160 may be omitted according to the intention of a person skilled in the art or may be extended to the communication network by the authentication unit 155 to authenticate the validity of generating the OTP through the biometric information It is possible.

The authentication processing unit 160 identifies the unique information of the wireless terminal 100 provided in the USIM 140 and the memory 150 and configures the OTP media authentication information including the unique information of the wireless terminal 100 And transmits the encrypted OTP medium authentication information to a server on a communication network that authenticates the wireless terminal 100 with an OTP medium. The OTP medium authentication information is transmitted in an encrypted form using a decryptable encryption method by the server.

The unique information of the MS 100 provided in the USIM 140 includes a mobile identification number (MIN), a serial number (ESN), a subscriber identification number , An International Mobile Equipment Identity (IMEI), a Mobile Station International ISDN Number (MSISDN), and an IC chip serial number constituting the USIM 140, or the wireless terminal 100 may include one or more (E.g., a non-duplicated code value) or a USIM 140 identifier registered to authenticate that the OTP medium is an OTP medium having an OTP agent.

Alternatively, the unique information of the mobile terminal 100 included in the memory unit 150 may include a mobile identification number (MIN) stored in a predetermined system area of the memory unit 150 provided in the mobile terminal 100, (OTP) that is capable of generating the OTP, or may include at least one of a serial number (ESN), a subscriber identification number, and an International Mobile Equipment Identity (IMEI) (E.g., a non-redundant code value).

According to the embodiment of the present invention, the OTP medium authentication information preferably further includes the biometric information in addition to the unique information of the wireless terminal 100. To this end, the server on the communication network compares the biometric information (Or verification computation) is stored in the DB, and when the biometric information is received, it is checked whether the biometric information is matched with the biometric authentication information, or the biometric information is compared with the biometric authentication information (Or verification operation) result to the wireless terminal 100 after processing the predetermined verification operation with respect to the wireless terminal 100 to determine whether the predicted result is derived.

1, the wireless terminal 100 includes an information configuration unit 170 that configures OTP generation information including the biometric information as a seed value for generating N (N> = 2) Determining one or more fixed seed values and a dynamic seed value for generating the N-digit OTP from the constructed OTP generation information, and transmitting the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation (OTP) generation unit 175 for generating OTP by substituting the USIM 140 / memory with the USIM 140. When the OTP generation information is stored in the USIM 140 / memory, the USIM 140 / The OTP generation unit 170 generates the OTP generation information by combining the terminal side OTP generation information and the biometric information to generate N (N > = 2) number of digits OTP generation information for generating an OTP.

If the validity of generating the OTP through the biometric information is authenticated by the authentication unit 155 (or the authentication processing unit 160), the information constructing unit 170 generates the OTP based on the biometric information acquired through the biometric unit 125 And if the biometric information does not match the data structure for generating the N-digit OTP, converts the obtained biometric information into a data structure for generating the N-digit OTP . If the biometric information obtained through the biometric unit 125 has a data structure for generating the N-digit OTP, or if the data structure of the biometric information obtained through the biometric unit 125 is It is not necessary to convert the data structure of the biometric information, and thus the present invention is not limited thereto.

According to an embodiment of the present invention, the biometric information is hashed through a hash function of hashing a series of text / binary data into a seed value data structure constituting the OTP generation information, It is preferable that the data structure is converted into a data structure for generation.

The information constructing unit 170 constructs OTP generation information for generating N-digit OTP by including the biometric information as a fixed seed value for generating the N-digit OTP.

According to the embodiment of the present invention, the information constructing unit 170 includes the unique ID of the wireless terminal 100 stored in the USIM 140 / memory unit 150 as a fixed seed value of the OTP generation information, It is preferable to configure OTP generation information for generating OTP of the number of digits.

If the N-digit OTP is a time-synchronized OTP, the information configuration unit 170 determines a time value (or a time value for a specific time interval) identified from a timer included in the wireless terminal 100 And construct OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is an OTP of the challenge-synchronization type, the information construction unit 170 generates a predetermined random number value and transmits / exchanges with the server, or receives / It is preferable that OTP generation information for generating the OTP of N digits is formed by including the random number value as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM 140 / memory, the information verification unit 165 confirms the terminal side OTP generation information from the USIM 140 / memory unit 150, Unit 170 processes the biometric information as a fixed seed value for generating the N-digit OTP, combines the verified terminal-side OTP generation information and the biometric information to generate an N-digit OTP It is desirable to configure the OTP generation information for the OTP generation.

If OTP generation information including the biometric information as a fixed seed value for generating the N-digit OTP is configured by the information configuration unit 170, the OTP generation unit 175 generates OTP generation information Determining one or more fixed seed values included in the OTP generation information, determining one or more dynamic seed values based on the parameters included in the OTP generation information, and determining the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation algorithm And generates N (N > = 2) OTPs. Here, the number of digits of N for the OTP may be fixed or dynamically changed every time OTP is generated, so that the present invention is not limited thereto.

Referring to FIG. 1, when the N-digit OTP is generated through the OTP generation unit 175, the wireless terminal 100 outputs an OTP output through the screen output unit 110 When the wireless terminal 100 is equipped with a local communication unit (not shown), the OTP output unit 180 transmits the generated OTP To the terminal (or device) located close to the wireless terminal 100.

When the OTP is generated, the OTP output unit 180 outputs the generated OTP to a predetermined area on the screen of the wireless terminal 100 in cooperation with the screen output unit 110.

According to one embodiment of the present invention, the OTP output unit 180 outputs an OTP output screen on the screen of the wireless terminal 100 in association with the screen output unit 110, OTP < / RTI >

According to another embodiment of the present invention, the OTP output unit 180 outputs (or assigns) an OTP output area to the screen area currently output on the screen of the mobile station 100, in association with the screen output unit 110 ), And outputs the generated OTP to the OTP output area.

If the wireless terminal 100 is equipped with local communication means (e.g., Bluetooth, infrared communication, RFID communication, RF communication, etc.), the OTP output unit 180 generates It is possible to output the OTP to the terminal (or device) located close to the wireless terminal 100.

According to another embodiment of the present invention, in the case where the wireless terminal 100 transmits the generated OTP to a server that is provided on the communication network and authenticates the OTP, the OTP output unit 180 transmits the generated OTP to the wireless communication unit 135 (For example, an encryption / decryption-based communication channel) for transmitting the OTP to a server authenticating the OTP through a secure communication channel, It is possible to directly transmit the generated OTP to the server, and thus the present invention is not limited thereto.

2 is a diagram illustrating the configuration of a wireless OTP system according to an embodiment of the present invention.

2 shows an OTP agent for generating an OTP of N digits using the biometric information to the wireless terminal 200 having the user biometric function, The present invention is a wireless OTP system configuration in which the wireless terminal 200 authenticates N-digit OTPs generated using the biometric information after having the functional configuration of the wireless terminal 200 shown in FIG. Those skilled in the art will appreciate that various implementations of the wireless OTP system configuration (e.g., some configuration portions omitted, or fragmented, or combined) may be referenced and / However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention may be limited only by the method shown in FIG. It does not.

Referring to FIG. 2, the wireless OTP system includes a wireless terminal 200 having the functional configuration shown in FIG. 1, an OTP authentication request server 200 for requesting OTP authentication to a user having the wireless terminal 200, And OTP medium information corresponding to the wireless terminal 200 registered with the OTP medium and having the same functional configuration as that of FIG. 1, and storing the OTP medium information and the server-side OTP generation information in the storage medium 255, The wireless terminal 200 provides an OTP agent corresponding to the functional configuration of the wireless terminal 200 shown in FIG. 1 (if the OTP agent is provided in the wireless terminal 200) And an OTP operating system for receiving and authenticating N-digit OTPs generated by the mobile terminal 200 using the biometric information when the terminal 200 is used as an OTP medium. The radio terminal A user terminal 205 used by a user having the terminal 200 and a separate OTP server 220 authenticating the N-digit OTP generated by the wireless terminal 200.

According to the present invention, in the OTP operating system, each means constituting the OTP operating system is implemented in the form of a single integrated server, or each means (or a combination of two or more means) constituting the OTP operating system, A part of the means constituting the OTP operating system is implemented in the form of a server, and a part of the means is constituted by the OTP server 220, the OTP authentication requesting server 215, Each of the means constituting the OTP operating system may be implemented as a component of one or more servers of the communication company server 210 provided in the wireless communication network to which the wireless terminal 200 is connected, The authentication request server 215, and the communication company server 210, and the OTP operating system is implemented Expression bayida put out clearly that the invention is not limited by the type of server and SHALL implementation location and number.

The wireless terminal 200 is a wireless communication terminal device registered as an OTP medium for generating an OTP of N digits using the biometric information among the wireless terminals 200 having the user biometric function, 1 or by receiving an OTP generation command through a wireless communication network, or by driving the OTP agent shown in FIG. 1 to authenticate the OTP generation, OTP generation information including identification information is generated to generate and output an OTP of N digits.

The OTP authentication request server 215 is a generic name of servers that request to authenticate a user, payment settlement, and financial transaction through an OTP generated by the wireless terminal 200. The OTP authentication request server 215 includes an OTP A shopping mall server or a content providing server or a home shopping server for processing authentication of payment through OTP generated by the wireless terminal 200, and an OTP generated by the wireless terminal 200 The present invention is not limited to the above-described OTP authentication request server 215 and the OTP authentication request method.

The user terminal 205 is a generic name of a communication terminal to which the user having the wireless terminal 200 accesses the OTP authentication request server 215 via a communication network. The user terminal 205 includes a key input unit, a screen output unit, (E.g., a wireless terminal 200, a portable Internet terminal, etc.) connected to a wireless communication network, a bi-directional communication terminal A digital TV having functions, an IP-TV, a household terminal connected to a home network, and the like.

According to the method of the present invention, the user terminal 205 and the wireless terminal 200 may be the same apparatus, and thus the present invention is not limited thereto.

The OTP server 220 receives N-digit OTPs generated by the wireless terminal 200 through a communication network, generates an OTP 'that matches the OTP, compares the OTP with OTP' ) To process the OTP authentication. The function of authenticating the OTP by the OTP server 220 may be provided in the OTP operating system, so that the present invention is not limited thereto.

Referring to FIG. 2, the OTP operating system registers the wireless terminal 200 having the user biometric function as an OTP medium that generates N-digit OTP using the biometric information, And OTP media registration means 225 for forming server-side OTP generation information for generating OTP 'for authenticating N-digit OTPs generated by the OTP generation means 200 and storing the OTP generation information in the storage medium 255, An OTP agent that generates N-digit OTP using the biometric information is provided to the wireless terminal 200 registered as the OTP medium, or OTP generation information matching with the server-side OTP generation information is configured, And wireless terminal processing means (230) for providing the wireless terminal device (200) with wireless terminal processing means (230).

The OTP media registration means 225 may provide the OTP registration information to the wireless terminal 200. The OTP registration means 225 provides the OTP registration information to the wireless terminal 200, And stores the OTP medium information in the storage medium 255. When the OTP registration terminal (or the customer terminal used by the customer) provides the biometric information, The OTP media registration means 225 further stores the biometric information in the OTP medium information in the storage medium 255. [

The OTP registration terminal is a general term of a terminal device requesting to register the wireless terminal 200 as an OTP medium and includes a user terminal 205 used for the user, an OTP registration authority (For example, a national institution terminal, an OTP authentication request server 215, an operator terminal, a credit card terminal, a financial institution terminal, a securities company terminal, and the like) included in the server 215 operating agency, card company, .

The unique information of the mobile terminal 200 included in the OTP medium information includes at least one of a mobile identification number (MIN), a serial number (ESN) stored in a predetermined system area of the memory unit of the mobile terminal 200, An identification number, and an International Mobile Equipment Identity (IMEI), or a separate OTP medium registered to authenticate that the wireless terminal 200 is an OTP medium having an OTP agent capable of generating the N-digit OTP And an identifier (e.g., a code value that is not duplicated).

Alternatively, the unique information of the mobile terminal 200 may include a mobile identification number (MIN), a serial number (ESN), a subscriber identification number, an IMEI (International Mobile Equipment Identity), an MSISDN (Mobile Station International ISDN Number), and an IC chip serial number constituting a USIM, or the OTP agent capable of generating the N-digit OTP (For example, a non-duplicated code value) or a USIM identifier registered to authenticate that the OTP medium is an OTP medium having an OTP medium.

The customer information preferably includes a resident registration number corresponding to a name (or a user) of the wireless terminal 200 to be used as the OTP medium. It is preferable that the customer information includes a name, an address, a contact name And the like.

If the financial transaction is included in the authentication target using the wireless terminal 200 as the OTP medium, the customer information may further include financial information (e.g., account number, bank, etc.) of the customer corresponding to the customer information .

Or card transaction is included in the authentication target using the wireless terminal 200 as the OTP medium, the customer information may further include card information (e.g., card number, card company, etc.) of the customer corresponding to the customer information .

According to the intention of a person skilled in the art practicing the present invention and the field of using the wireless terminal 200 as an OTP medium, the customer information may include various information (for example, an object to be authenticated using the wireless terminal 200 as an OTP medium) And authentication information, the client account information for the game, and the like), and thus the present invention is not limited thereto.

The biometric object of the user includes any one of a fingerprint, an iris, a retina, and a face of a user, and the biometric information may be any one of a user's fingerprint information, iris information, retina information, Fingerprint identification information in which a fingerprint pattern unique to the user included in the fingerprint information recognized from the user's fingerprint is configured to be comparable to the fingerprint information, iris information recognized from the iris of the user, Iris recognition information constituted by a comparable data structure of an iris pattern, retinal recognition information constituted by a data structure in which the user's unique retinal pattern included in the retinal information recognized from the user's retina is comparable, facial information recognized from the user's face The unique facial patterns of the included users can be compared And a facial recognition unit configured to acquire facial recognition information.

When the OTP medium information is received, the OTP media registration unit 225 provides the client information and the unique information of the wireless terminal 200 to the communication company server 210 to which the wireless terminal 200 is connected, It is preferable to authenticate whether or not the use of the wireless terminal 200 as an OTP medium through the server 210 is valid.

If the validity of the OTP medium information is received or the validity of using the wireless terminal 200 as the OTP medium is authenticated, the OTP medium registration means 225 registers the wireless terminal 200 on the basis of the OTP medium information, Side OTP generation information for authenticating the OTP of N digits generated using the biometric information.

Here, the server-side OTP generation information includes information for generating an OTP 'of N digits to be compared (or verified) with the N-digit OTP generated by the wireless terminal 200, The above-mentioned fixed seed value and the parameter for determining the dynamic seed value.

When the biometric information is used as a fixed seed value for generating the N-digit OTP, the server-side OTP generation information includes the biometric information as the N-digit OTP ' As seed values.

If the wireless terminal 200 uses the unique information of the wireless terminal 200 provided in the USIM / memory unit as it is or changes the data structure of the unique information of the wireless terminal 200 to generate the N-digit OTP When used as a fixed seed value, the server side OTP generation information preferably includes a fixed seed value corresponding to the unique information of the wireless terminal 200 as a fixed seed value for generating the N-digit OTP '.

According to the embodiment of the present invention, the server-side OTP generation information preferably includes a fixed seed value generated based on the unique information of the mobile station 200 and / or the customer information included in the OTP medium information, The generated fixed seed value is preferably included in the terminal-side OTP generation information to be provided to the wireless terminal 200.

If the N-digit OTP is generated in a time-synchronized manner, the server-side OTP generation information includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP .

Or if the N-digit OTP is generated in a challenge-response manner, the server-side OTP generation information may generate a random number corresponding to the dynamic seed value of the challenge-response OTP, or receive a random number through the wireless communication network And a random number generation value for generating a random number.

When the server-side OTP generation information is generated (or allocated), the OTP media registration unit 225 configures terminal-side OTP generation information to be matched with the server-side OTP generation information. Information included in the wireless terminal 200 or can be determined dynamically in the OTP agent provided to the wireless terminal 200 without any additional information, The present invention is not limited thereto.

The OTP media registration means 225 stores the OTP medium information and the server-side OTP generation information in the storage medium 255 in association with each other so that the wireless terminal 200 can be registered with the N-digit OTP As an OTP medium.

If the biometrics information is received from the OTP registration terminal, the OTP media registration means 225 may further include the biometric information in the OTP medium information and store the biometrics information in the storage medium 255. [

If the wireless terminal 200 does not have an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1, the wireless terminal processing unit 230 transmits the OTP agent to the wireless terminal 200 ) And provides the OTP agent program code corresponding to the configuration shown in FIG. 1 to the wireless terminal 200 through the communication channel, so that the wireless terminal 200 The OTP agent program code may be omitted from providing the OTP agent program code to the wireless terminal 200 if the OTP agent is installed in the wireless terminal 200. [

When the terminal side OTP generation information is configured by the OTP media registration means 225, the wireless terminal processing means 230 transmits the OTP generation information to the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 through the wireless communication network Side OTP generation information to the wireless terminal 200 through the communication channel to be recorded in a USIM / memory unit provided in the wireless terminal 200, and the terminal-side OTP If the generation information is not configured or the OTP can be generated through the wireless terminal 200 unique information and biometric information provided in the wireless terminal 200 without the terminal side OTP generation information at the wireless terminal 200 , It may be omitted to provide the terminal side OTP generation information to the wireless terminal 200.

According to an embodiment of the present invention, the wireless terminal processing unit 230 provides the OTP agent program code and terminal-side OTP generation information to the wireless terminal 200 through a separate communication channel, It is possible to provide the wireless terminal 200 with package data including a code and terminal side OTP generation information.

The wireless terminal processing unit 230 may provide biometric authentication information corresponding to the biometric information of the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 through a wireless communication network, ) In the USIM / memory unit.

In the case where the wireless terminal 200 compares the biometric information and the biometric authentication information to authenticate the validity of the OTP generation, it is preferable that the biometric authentication information includes the biometric information as it is, In the case where the authentication information is verified and verified to validate the OTP generation, the biometric authentication information preferably includes a biometric information verification value that is calculated with the biometric information to induce a predetermined calculation result.

Referring to FIG. 2, the OTP operating system receives OTP medium authentication information from the wireless terminal 200 through a wireless communication network, compares the OTP medium authentication information with OTP medium information stored in the storage medium 255 (Or verification operation) to authenticate the wireless terminal 200 as an OTP medium.

When the wireless terminal 200 transmits the OTP medium authentication information, the medium authentication unit 235 receives the OTP medium authentication information, and receives from the storage medium 255 the configuration information included in the OTP medium authentication information (Or verification operation) between the configuration information included in the OTP medium authentication information and the configuration information included in the OTP medium information, and performs the comparison (or verification operation) with the configuration information included in the OTP medium authentication information, As a result, if the configuration information included in the OTP medium authentication information matches (or matches) the configuration information included in the OTP medium information stored in the storage medium 255, or if a result predicted through the verification operation is derived, The wireless terminal 200 that has transmitted the OTP media authentication information is authenticated by the OTP media registration means 225 to the valid wireless terminal 200 registered as the OTP medium.

According to the embodiment of the present invention, the OTP medium authentication information includes unique information of the wireless terminal 200 provided in the USIM / memory unit of the wireless terminal 200. In this case, (Or verify operation) between the unique information of the wireless terminal 200 included in the OTP medium authentication information and the unique information of the wireless terminal 200 included in the OTP medium information stored in the storage medium 255, Is authenticated as an OTP medium.

In addition, the OTP medium authentication information may further include the biometric information. When the biometric information is stored in the storage medium 255, the medium authentication unit 235 may include the OTP medium authentication information (Or verify operation) between the biometric information and the biometric information included in the OTP medium information stored in the storage medium 255 to authenticate the mobile terminal 200 as an OTP medium.

Referring to FIG. 2, the OTP operating system receives N-digit OTPs generated using the biometric information from an OTP agent provided in the wireless terminal 200 through a communication network, An information receiving means 240 for confirming the unique information of the terminal 200 and an information checking means 240 for checking OTP generation information for generating N-digit OTP 'to be compared (or verified) with the received N-digit OTP An OTP authentication unit 245 for generating N-digit OTP 'through the OTP generation information, and comparing (or verifying) the N-digit OTP with OTP' to verify whether the received OTP is valid The information receiving means 240, the information checking means 250 and the OTP authentication means 245 may be implemented in a separate OTP server 220, Includes all methods that can be inferred This is clearly made clear.

When the OTP is input and transmitted through the OTP input interface displayed on the user terminal 205, the information receiving means 240 transmits the OTP to the user terminal 205 via the communication network, The user terminal 205 receives the OTP from the user terminal 205. In this case, the user terminal 205 may receive the unique information of the wireless terminal 200 that generated the N-digit OTP, And the information receiving means 240 receives the unique information of the mobile terminal 200 from the user terminal 205 or receives the OTP medium information from the OTP medium information based on the customer information, It is desirable to confirm the unique information of the wireless terminal 200 that has generated the OTP of the wireless terminal 200.

Alternatively, the wireless terminal 200 can generate the OTP of the N digits and then transmit the generated OTP through the wireless communication network. In this case, the information receiving means 240 may receive the OTP through the wireless communication network, The mobile terminal 200 receives the OTP from the terminal 200. The mobile terminal 200 may identify the wireless terminal 200 by reading a communication protocol defined in the wireless communication network, 200) unique information.

According to the method of the present invention, when the OTP is encrypted and transmitted, the information receiving unit 240 decodes the OTP according to a predetermined decoding method.

When the OTP is received, the information checking unit 250 checks the server side OTP generation information associated with the unique information of the wireless terminal 200 from the storage medium 255.

According to an embodiment of the present invention, the server-side OTP generation information identified is identical to the OTP generation information including the biometric information to generate N-digit OTP in the wireless terminal 200, If the OTP generation information includes the parameter for determining the seed value, the information checking means 250 identifies the confirmed server side OTP generation information as OTP generation information for generating OTP 'of N digits.

According to another embodiment of the present invention, when the verified server side OTP generation information does not include the biometrics information, the information checking means 250 reads the biometrics information from the storage medium 255, Configures OTP generation information for generating N-digit OTP 'by combining the server-side OTP generation information and the biometric identification information, and the biometric information is the N-digit number OTP ', the information checking unit 250 may convert the biometric information into a data structure for generating the N-digit OTP'.

When the OTP generation information for generating the N-digit OTP 'is confirmed / configured, the OTP authentication means 245 identifies one or more fixed seed values for generating the OTP' from the OTP generation information, Determines one or more dynamic seed values through the parameters included in the generation information, and substitutes the determined one or more fixed seed values and dynamic seed values into the predetermined OTP generation algorithm to generate OTP 'of N digits.

When the N-digit OTP 'is generated, the OTP authentication unit 245 compares (or verifies) the received N-digit OTP' with the generated OTP 'to authenticate the OTP validity.

If the OTP and OTP 'match (or match) with each other as a result of the comparison, or if the predicted result is obtained through a verification operation, the OTP authentication unit 245 processes the OTP validity as authenticated, And provides the validity authentication result to at least one of the OTP authentication request receiving server 215, the user terminal 205, and the wireless terminal 200 that requires the OTP authentication result.

On the other hand, if the OTP and OTP 'do not match (or match) as a result of the comparison, or if the predicted result is not obtained through the verification operation, the OTP authentication unit 245 treats the OTP validity as unauthenticated And provides the OTP validity authentication result to at least one of the OTP authentication request receiving server 215, the user terminal 205, and the wireless terminal 200 that requires the OTP authentication result.

3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.

In more detail, FIG. 3 shows a process of registering a user's wireless terminal 200 as an OTP medium on the wireless OTP system shown in FIG. 2, and a person skilled in the art , It is possible to refer to and / or modify the FIG. 3 to derive various implementations of the OTP media registration process (e.g., omitting some steps or changing the order) All the methods of implementation are included, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 3, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 3, when an OTP registration terminal accesses a server through a communication network and requests registration of the user's wireless terminal 200 as an OTP medium (300), the server registers the user information of the user, The OTP registration terminal provides an OTP media registration interface 300 for inputting / registering OTP media information including the unique information of the mobile terminal 200 corresponding to the user's wireless terminal 200, OTP medium information including the unique information of the wireless terminal 200, the customer information, and the biometric information is input and configured through the registration interface to the server (310).

The server receives the OTP medium information including the unique information of the wireless terminal 200, the customer information and the biometric identification information from the OTP registration terminal, and stores the unique information of the wireless terminal 200, the customer information, (315) to the communication company server 210 corresponding to the unique information of the wireless terminal 200 and verifies the validity of using the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 as the OTP medium.

If the validity of using the wireless terminal 200 as an OTP medium is not confirmed at step 320, the server provides OTP medium error information to the OTP registration terminal at step 325, The process of registering with the medium is terminated.

On the other hand, if the validity of using the wireless terminal 200 as an OTP medium is confirmed (320), the server generates an N-digit number of the wireless terminal 200 using the biometric information on the basis of the OTP medium information (Or assigns) the server-side OTP generation information for authenticating the OTP 330, and stores the OTP medium information and the server-side OTP generation information in the storage medium 255 (335).

When providing the terminal side OTP generation information to the wireless terminal 200 according to an embodiment of the present invention, the server preferably configures terminal side OTP generation information matching with the server side OTP generation information, Side OTP generation information can be dynamically determined in the OTP agent provided to the wireless terminal 200 without information or including information based on the wireless terminal 200, And the present invention is not limited thereto.

Then, the server checks whether the OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is provided to the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 (340).

According to the embodiment of the present invention, the server transmits OTP agent information (for example, OTP agent version information, OTP issuer information, OTP use location information, OTP agent information, (Not shown) or an OTP server 220 or a communication company server 210 that stores the OTP agent in the wireless terminal 200 in association with the OTP agent.

If the OTP agent is not installed in the wireless terminal 200 in operation 345, the server is operable in a platform (or an operating system) included in the wireless terminal 200 and the wireless terminal 200 ) OTP agent program code corresponding to the configuration of the wireless terminal 200, and when the terminal-side OTP generation information matching with the server-side OTP generation information is configured, the terminal-side OTP generation information is transmitted to the wireless terminal 200 The wireless terminal 200 records the OTP agent in a recording medium (e.g., a program area of a USIM / memory) provided in the wireless terminal 200, To the OTP agent and stores it in the USIM / memory unit of the wireless terminal 200 (360).

On the other hand, if the OTP agent is installed in the wireless terminal 200 (345), the server may not provide the OTP agent program code to the wireless terminal 200, Side OTP generation information to the wireless terminal 200 (350), the wireless terminal 200 transmits the terminal-side OTP generation information to the wireless terminal 200 (E.g., a program area of the USIM / memory unit) and stores the program in the USIM / memory unit of the wireless terminal 200 (360).

4 is a diagram illustrating an OTP generation process according to the first embodiment of the present invention.

4 illustrates a process of generating N-digit OTPs using the biometric information in the wireless terminal 200 shown in FIG. 1. Referring to FIG. 4, It is possible to refer to and / or modify the FIG. 4 to derive various implementations of the OTP generation process (e.g., omitting some steps or changing the order) All the methods to be inferred are included, and the technical features thereof are not limited only by the method shown in FIG.

4, for convenience, the wireless terminal 200 transmits the OTP medium authentication information including the biometric information and the unique information of the wireless terminal 200 to the OTP operating system shown in FIG. 2, 200, but the present invention is not limited thereto, and the OTP medium authentication process may be omitted.

Hereinafter, in FIG. 4, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 4, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection (Or an OTP agent driving command) is received through the mobile communication network, the OTP agent corresponding to the configuration of the mobile terminal 200 shown in FIG. 1 is driven to transmit the mobile terminal 200 to the OTP The user authentication is requested (400), and the user authentication is processed through the password (or the personal identification number) (405).

If the user authentication is not processed (410), the wireless terminal (200) outputs user authentication error information (415) and ends the OTP generation process.

On the other hand, when the user authentication is processed 410, the wireless terminal 200 transmits the fingerprint identification information of the user through the biometric module corresponding to one of the fingerprint recognition module or the camera module provided in the wireless terminal 200, The biometric information corresponding to any one of the iris recognition information, the retina recognition information, and the facial recognition information is recognized and acquired (420).

If the biometrics information is obtained through the user biometrics function, the wireless terminal 200 configures the OTP media authentication information including the biometrics information and the unique information of the mobile terminal 200 (430) , The OTP media authentication information is transmitted to the server, and the OTP media authentication information is requested to authenticate the wireless terminal 200 as an OTP medium (435).

If the wireless terminal 200 is not authenticated as an OTP medium (440), the wireless terminal 200 outputs OTP medium error information (445) and ends the OTP generation process.

If the wireless terminal 200 is authenticated as an OTP medium (440), the wireless terminal 200 includes the biometric information as a fixed seed value for generating the N-digit OTP, The OTP generation information is generated (450).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the biometrics information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified terminal-side OTP generation information and the biometric information after processing with a fixed seed value for generating OTP of N digits.

If the OTP generation information including the biometrics information as the fixed seed value is configured (455), the wireless terminal 200 checks one or more fixed seed values included in the configured OTP generation information, (Step 460). In step 460, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

5 is a diagram illustrating an OTP generation process according to a second embodiment of the present invention.

5 shows a process of generating N-digit OTP using the biometric information in the wireless terminal 200 shown in FIG. 1. Specifically, the USIM / And verifying the validity of OTP generation using the biometric information through the biometric authentication information when the biometric authentication information to be compared (or verified) with the biometric information is included in the memory unit will be.

Those skilled in the art will be able to refer to and / or modify the FIG. 5 to understand the various ways of implementing the OTP generation process (e.g., omitting some steps or changing the order) However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

For example, in FIG. 5, the process of authenticating the user through the password (or the personal identification number) of the user is omitted for simplicity by including the process of confirming the validity of the OTP generation using the biometric information and the biometric authentication information. The invention is not limited thereto, and the user authentication process may be further provided.

5, for convenience, the wireless terminal 200 transmits the OTP medium authentication information including the biometric information and the unique information of the wireless terminal 200 to the OTP operating system shown in FIG. 2, 200, but the present invention is not limited thereto, and the OTP medium authentication process may be omitted.

Hereinafter, in FIG. 5, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 5, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection Or when an OTP generation command (or an OTP agent driving command) is received through the mobile communication network, an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is driven to be provided to the wireless terminal 200 Recognizes and acquires the biometric information corresponding to one of the fingerprint recognition information, the iris recognition information, the retina recognition information, and the face recognition information of the user through the biometric module corresponding to any one of the fingerprint recognition module or the camera module 500).

If the biometrics information is acquired through the user biometrics function in step 505, the wireless terminal 200 compares the obtained biometrics information with the biometrics authentication information provided in the USIM / And checks the validity of the OTP for generating N-digit OTP through the OTP generation information including the biometric information (510).

If the OTP validity is not confirmed (515), the wireless terminal 200 outputs OTP generation validity error information (520) and ends the OTP generation process.

On the other hand, when the validity of the OTP is confirmed (515), the wireless terminal 200 constructs OTP medium authentication information including the biometric information and the unique information of the wireless terminal 200 (525) And transmits the medium authentication information to request the OSS medium to authenticate the wireless terminal 200 (530).

If the wireless terminal 200 is not authenticated as the OTP medium (535), the wireless terminal 200 outputs the OTP medium error information (540) and ends the OTP generation process.

If the wireless terminal 200 is authenticated as an OTP medium (535), the wireless terminal 200 generates the N-digit OTP by including the biometric information as a fixed seed value for generating the N-digit OTP (545).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the biometrics information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified terminal-side OTP generation information and the biometric information after processing with a fixed seed value for generating OTP of N digits.

If the OTP generation information including the biometrics information as the fixed seed value is configured 550, the wireless terminal 200 checks one or more fixed seed values included in the OTP generation information, (Step 555). In step 555, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

6 is a diagram illustrating an OTP generation process according to a third embodiment of the present invention.

6 shows a process of generating N-digit OTP using the biometric information in the wireless terminal 200 shown in FIG. 1. Specifically, the USIM / And verifying the validity of OTP generation using the biometric information through the biometric authentication information when the biometric authentication information to be compared (or verified) with the biometric information is included in the memory unit will be.

Those skilled in the art will appreciate that various implementations of the OTP generation process (e.g., omitting some steps or changing the order) may be implemented by referring to and / or modifying FIG. 6, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, FIG. 6 includes a process of confirming the validity of the OTP generation through the biometric information and the biometric authentication information, thereby omitting the user authentication process using the user's password (or personal identification number) for the sake of simplicity. The invention is not limited thereto, and the user authentication process may be further provided.

Hereinafter, in FIG. 6, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 6, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection Or when an OTP generation command (or an OTP agent driving command) is received through the mobile communication network, an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is driven to be provided to the wireless terminal 200 Recognizes and acquires the biometric information corresponding to one of the fingerprint recognition information, the iris recognition information, the retina recognition information, and the face recognition information of the user through the biometric module corresponding to any one of the fingerprint recognition module or the camera module 600).

If the biometrics information is obtained through the user biometrics function (605), the wireless terminal 200 compares the obtained biometrics information with biometrics authentication information provided in the USIM / memory, And verifies the validity of the OTP for generating N-digit OTP through the OTP generation information including the biometric information (610).

If the OTP validity is not confirmed (615), the wireless terminal 200 outputs OTP generation validity error information (620), and ends the OTP generation process.

On the other hand, when the validity of the OTP is confirmed (615), the wireless terminal 200 includes the biometric information as a fixed seed value for generating the N-digit OTP to generate OTP generation information for generating an N-number OTP (625).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the biometrics information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified terminal-side OTP generation information and the biometric information after processing with a fixed seed value for generating OTP of N digits.

If OTP generation information including the biometric information as a fixed seed value is configured 630, the wireless terminal 200 checks one or more fixed seed values included in the OTP generation information, (Step 635). In step 635, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

7 is a diagram illustrating an OTP generation process according to a fourth embodiment of the present invention.

7 shows a process of generating N-digit OTPs using the biometric information in the wireless terminal 200 shown in FIG. 1. Referring to FIG. 7, It is possible to refer to and / or modify the FIG. 7 to various implementations of the OTP generation process (e.g., omitting some steps or changing the order). However, And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 7, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 7, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection (Or an OTP agent driving command) is received through the mobile communication network, the OTP agent corresponding to the configuration of the mobile terminal 200 shown in FIG. 1 is driven to transmit the mobile terminal 200 to the OTP The user authentication is requested (700), and the user authentication is processed through the password (or the personal identification number) (705).

If the user authentication is not processed (710), the wireless terminal 200 outputs user authentication error information (715) and ends the OTP generation process.

Meanwhile, when the user authentication is performed (710), the wireless terminal 200 transmits the fingerprint identification information of the user through the biometric module corresponding to any one of the fingerprint recognition module or the camera module provided in the wireless terminal 200, Recognizes and acquires biometric information corresponding to any one of iris recognition information, retinal recognition information, and facial recognition information (720).

If the biometric information is obtained through the user biometric function (725), the wireless terminal 200 includes the biometric information as a fixed seed value for generating the N-digit OTP, (730). ≪ / RTI >

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the biometrics information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified terminal-side OTP generation information and the biometric information after processing with a fixed seed value for generating OTP of N digits.

If the OTP generation information including the biometric information as the fixed seed value is configured 735, the wireless terminal 200 identifies one or more fixed seed values included in the OTP generation information, And generates and outputs an NTP OTP by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm in operation 740.

8 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

8 is a flowchart illustrating an operation of the OTP operating system shown in FIG. 2, in which N (N) generated by the wireless terminal 200 shown in FIG. 1 through the process shown in FIGS. > = 2) number of digits of the OTP to match with the OTP, and compares (or verifies) the received OTP of the N digits with the OTP 'to verify the validity of the OTP Those skilled in the art will be able to refer and / or modify FIG. 8 to illustrate various implementations of the OTP authentication process (e.g., some steps may be omitted, However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Hereinafter, in FIG. 8, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 8, after the N-digit OTP is generated / outputted by the wireless terminal 200 shown in FIG. 1 through the process shown in FIGS. 4 to 7, 1, receives the N-digit OTP inputted through the OTP input interface outputted to the user terminal 205, or receives the generated N-digit OTP from the wireless terminal 200 shown in FIG. 1, The server 200 checks the biometric information of the wireless terminal 200 and verifies the server side OTP generation information associated with the unique information of the wireless terminal 200 from the storage medium 255, (Step 805), and the OTP generation information including the biometric information as a fixed seed value is checked (step 810) by combining (or linking) the biometric information and the server side OTP generation information.

If the server side OTP generation information includes the biometric information as a fixed seed value according to the embodiment of the present invention, the server generates OTP generation information for generating the N-digit OTP ' It is desirable to check with information.

Thereafter, the server checks one or more fixed seed values for generating the N-digit OTP 'from the OTP generation information, determines one or more dynamic seed values based on the parameters included in the OTP generation information, / OTP 'of N digits is generated by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm (815).

If the N-digit OTP 'is generated (820), the server compares (or verifies) the received N-digit OTP with OTP' to check the OTP validity (825).

According to the method of the present invention, when the OTP and the OTP 'are matched (or matched) as a result of the comparison between the OTP and the OTP', or when the predicted result is obtained through the verification operation, .

If the OTP validity is not confirmed 830, the server transmits an OTP authentication result corresponding to the OTP validity error to the OTP authentication result receiving means (e.g., the OTP authentication request server 215, the user terminal 205, (Including one or more of terminal 200).

On the other hand, if the validity of the OTP is confirmed 830, the server transmits an OTP authentication result corresponding to the OTP validation confirmation to the OTP authentication result receiving means (e.g., the OTP authentication request server 215, the user terminal 205, (E. G., One or more of < / RTI >

100: wireless terminal 105:
110: Screen output unit 115: Sound processing unit
120: key input unit 125: biometric unit
130: Battery 135:
140: USIM 145: USIM reader unit
150: memory unit 155: authentication unit
160: authentication processing unit 165:
170: Information configuration unit 175: OTP generation unit
180: OTP output unit

Claims (4)

A method of executing via a user's mobile phone having a program for accessing a mobile communication network and generating an OTP (One Time Password)
When a program identifier of a code value uniquely assigned to the user's mobile phone is stored in a designated storage area of the mobile phone after the program is downloaded and stored in the designated storage area, A first step of registering and storing the medium information including the information on the storage medium of the designated server;
When the program of the user's cellular phone is executed to generate the OTP, the program of the user's cellular phone extracts the medium identifier of the code value type stored in the designated storage area and transmits the medium authentication information including the extracted medium identifier to the server A second step of transmitting;
When the server compares and authenticates the medium identifier of the medium authentication information with the medium identifier of the medium information registered and registered in the storage medium, the program of the user's mobile phone receives a result of authenticating the user with the OTP medium from the server A third step;
A fourth step of confirming a result of authenticating the user's body through the biometric unit of the cellular phone authenticated by the OTP medium when the user's cellular phone program is authenticated as the user's OTP medium through the server; And
And a fifth step of dynamically generating N (N? 2) -times OTPs designated by the program of the user's cellular phone when the user's body is authenticated through the authenticated OTP medium after authenticating the user's OTP medium through the server A method of operating a mobile api using biometrics.
2. The method of claim 1,
Wherein the code includes a code value that is not unique to the user's mobile phone but is unique to the mobile phone, and is not separately allocated after the program is downloaded to the mobile phone.
The method according to claim 1,
When authenticated with the user's OTP medium through the server,
The program of the user's mobile phone verifying the biometric information recognized from the user's body using the biometric unit of the mobile phone authenticated with the OTP medium; And
The method of claim 1, further comprising the step of: performing an authentication procedure set by the program of the user's mobile phone to authenticate the validity of the recognized biometric information.
The method according to claim 1,
When the N-digit OTP is dynamically generated,
And transmitting the generated N-digit OTP to a terminal or a device located nearby using the short-range communication means of the user's mobile phone.

Images